Attacker Value
Very Low
(1 user assessed)
Exploitability
Very Low
(1 user assessed)
User Interaction
None
Privileges Required
Low
Attack Vector
Local
0

Intel CPU Memory Mapping Local Information Leak: 'Spoiler'

Disclosure Date: April 17, 2019
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

Memory access in virtual memory mapping for some microprocessors may allow an authenticated user to potentially enable information disclosure via local access.

Add Assessment

1
Ratings
  • Attacker Value
    Very Low
  • Exploitability
    Very Low
Technical Analysis

Another in the long line of speculative side-channel attacks, this increases the effectiveness of existing attacks, but is also disabled by similar mitigations. Unlikely to be used in any practical way by an attacker, there are many more sources of low-hanging fruit.

CVSS V3 Severity and Metrics
Base Score:
3.8 Low
Impact Score:
1.4
Exploitability Score:
2
Vector:
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Attack Vector (AV):
Local
Attack Complexity (AC):
Low
Privileges Required (PR):
Low
User Interaction (UI):
None
Scope (S):
Changed
Confidentiality (C):
Low
Integrity (I):
None
Availability (A):
None

General Information

Products

  • Microprocessor Memory Mapping Advisory

Additional Info

Technical Analysis